<?

include('sys/init.php');

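// Record of the requesting user as returned by hello() (defined outside this
// file); its 'id', 'rights' and 'level' entries are read by the handlers below.
$current_user = hello();

// Visitors rejected by is_user() are redirected to the site root.
// header() only queues the Location header, so the script has to stop here;
// without the exit every POST handler below still ran for a rejected visitor.
// NOTE(review): if is_user() is false for the anonymous account, anonymous
// posting depended on that fall-through. Confirm before deploying.
if(!is_user($current_user))
{
   header('location: '._basedomain);
   exit;
}

// Rights in the 'bugs' module, looked up once and used by every handler below.
// NOTE(review): no anti-CSRF token is checked anywhere in this file although
// all handlers change state on POST; confirm sys/init.php enforces one.
$can_addcomment = check_user_right('bugs', 'add_comment', $current_user['rights']);
$can_edit_own   = check_user_right('bugs', 'edit_own',    $current_user['rights']);
$can_edit_other = check_user_right('bugs', 'edit_other',  $current_user['rights']);
$can_delete     = check_user_right('bugs', 'delete_comments', $current_user['rights']);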

//------------------------------------------------------------------------------

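if($_POST['what']=='removeattachment')
{
   // Handler: delete one attachment file of a comment and answer with a short
   // plain-text status through die().

   // The file name is request data that ends up in unlink(). basename() keeps
   // it inside the comment's own attachment directory even if justwords()
   // lets a path separator through (its filtering is not visible here).
   $fn = basename((string)justwords($_POST['fn']));

   // Only digits and 'f' survive; the part before the first 'f' is the comment id.
   $x = preg_replace('/[^0-9f]/', '', $_POST['ids']);
   $x = explode('f', $x);
   $cid = $x[0];
   unset($x);

   $dir  = _atchdir.$cid;
   $file = $dir.'/'.$fn;

   if( $cid>0 && is_file($file) )
   {
      // NOTE(review): the listing is never used in this branch; kept only in
      // case listdir() has side effects. Confirm and drop.
      $files = listdir($dir);

      $cmt = get_comment($cid);

      // Ownership only counts when the comment record was actually found.
      // Without the isset() a missing record compares as null, and a loose
      // == against null is true for an id of 0 or ''.
      $is_owner = ( isset($cmt['user_id']) && $current_user['id'] == $cmt['user_id'] );

      if( $can_edit_other || ($can_edit_own && $is_owner) )
      {
         if( unlink($file) ) die('ok, '.$fn);
         else die('can`t remove file');
      }
      else die('no rights');
   }
   else die('wooot?');
}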

//------------------------------------------------------------------------------
//------------------------------------------------------------------------------


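elseif($_POST['what']=='editcomment' && $can_addcomment && $_POST['cid']==0 && $_POST['bid']>0 && $_POST['uid']==$current_user['id'])
{
   // Handler: store a new comment (cid == 0) on bug 'bid', notify the users
   // selected by the bug's level, then redirect to the new comment's anchor.

   $bid       = justdigs($_POST['bid']);
   // The author is always the session user; the posted uid is only compared
   // against it in the condition above and never stored.
   $uid       = $current_user['id'];
   $uname     = isset($_POST['uname']) ? justwords($_POST['uname']) : '';
   // NOTE(review): the text is stored and rendered later, so output safety
   // rests on justhtml(). Confirm what markup it lets through.
   $commentxt = justhtml($_POST['cmt']);
   $ctype     = justdigs($_POST['ctype']);

   // Any non-anonymous account passes. The anonymous account passes only when
   // anonymous login is enabled and a name longer than _uname_length was given.
   $uname_is_correct = ( $uid!=_anonymous_id || ($uid == _anonymous_id && _login_anonymous && strlen($uname) > _uname_length) );

   if( $uname_is_correct &&
       $bid > 0 &&
       strlen($commentxt) > _comment_length )
   {
      $files = check_uploaded_files($_FILES);

      $comment = array(
                        'date'   => now(),
                        'ctype_id'=> $ctype,
                        'bug_id' => $bid,
                        'user_id'=> $uid,
                        'user_name' => $uname,
                        'text'   => $commentxt,
                        'ip'     => getenv('REMOTE_ADDR'),
                        'isfirst'=> 0
                         );

      $ncid = add_new_comment($comment, $files);

      if($ncid>0)
      {
         // NOTE(review): is_bug() is consulted only after the comment has been
         // stored. If it is what enforces per-level visibility of a bug, it
         // should run before add_new_comment(). Confirm.
         $bug = is_bug($bid, false, $current_user['level']);

         // Notify only when the bug record was returned; otherwise the
         // recipients would be selected by an undefined level and the
         // message would carry an empty title.
         if( is_array($bug) )
         {
            $users = get_users_by_level( $bug['level'] );

            // NOTE(review): the title goes into an HTML template unescaped
            // here. Confirm it is already HTML-safe when stored.
            $kws = array('_LINK_', '_TITLE_');
            $r   = array(_basedomain.'/bugs/'.$bid, $bug['title']);

            $msg = str_replace( $kws, $r, get_tpl('msg_newcomment.html') );

            message2users( $users, $msg, get_tpl('msg_newcommenttitle.html') );
         }

         header( 'Location:'._basedomain.'/bugs/'.$bid.'#'.count_bug_comments($bid) );
      }
      else go_back();
   }
   else go_back();
}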

//------------------------------------------------------------------------------
//------------------------------------------------------------------------------


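elseif( $_POST['what']=='editcomment' && $_POST['cid']>0 )
{
   // Handler: update the text, type and attachments of an existing comment,
   // then redirect back to its bug page.

   $cid       = justdigs($_POST['cid']);
   $uid       = $current_user['id'];
   $commentxt = justhtml($_POST['cmt']);
   $ctype     = justdigs($_POST['ctype']);

   $oldcmt = is_comment($cid);

   if( !is_array($oldcmt) )
   {
      // Unknown comment id. Previously a user holding edit_other still reached
      // edit_comment() here with an empty id and bug id. Now nothing is
      // written; the redirect target is the one the old code produced.
      header('Location:'._basedomain.'/bugs/');
   }
   else
   {
      // NOTE(review): for comments owned by the shared anonymous account the
      // ownership decision rests entirely on is_his_comment(). Confirm it does
      // not treat every anonymous visitor as the owner.
      $canedit = ( $can_edit_other || ( $can_edit_own && is_his_comment($cid, $oldcmt, $uid) ) );

      // Failure and "nothing changed" both land on the bug page; a successful
      // edit additionally jumps to the comment's anchor.
      $target = _basedomain.'/bugs/'.$oldcmt['bug_id'];

      if( $canedit &&
          strlen($commentxt) > _comment_length )
      {
         $files = check_uploaded_files($_FILES);

         // Only anonymous comments take their display name from the request;
         // a missing field becomes '' instead of raising an undefined-index notice.
         if( $oldcmt['user_id'] == _anonymous_id )
         {
            $username = isset($_POST['uname']) ? justwords($_POST['uname']) : '';
         }
         else $username = $oldcmt['user_name'];

         // id, date, bug and author are carried over from the stored record,
         // so the request cannot move the comment or change its owner.
         $comment = array(
                           'id'     => $oldcmt['id'],
                           'date'   => $oldcmt['date'],
                           'ctype_id'=> $ctype,
                           'bug_id' => $oldcmt['bug_id'],
                           'user_id'=> $oldcmt['user_id'],
                           'user_name'=> $username,
                           'text'   => $commentxt,
                           'ip'     => getenv('REMOTE_ADDR'),
                           'isfirst'=> 0
                            );

         $ncid = edit_comment($comment, $files);
         if($ncid) $target .= '#'.$oldcmt['id'];
      }

      header('Location:'.$target);
   }
}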

//------------------------------------------------------------------------------
//------------------------------------------------------------------------------


elseif( $_POST['what']=='editcommentform' && $_POST['cid']>=0 && $_POST['bid']>0 )
{
   // Handler: answer with the HTML of the comment form, either for an
   // existing comment (cid > 0) or for a new one on bug 'bid' (cid == 0).
   // Any refusal is reported as the bare string 'error'.

   $bid = justdigs($_POST['bid']);
   $cid = justdigs($_POST['cid']);
   $uid = $current_user['id'];

   if( $cid > 0 ) $comment = is_comment($cid);
   else           $comment = new_comment($bid);

   // Checks run in the same order as before, each only when the previous
   // ones failed: edit_other, then ownership, then "new comment" rights.
   $canedit = $can_edit_other;

   if( !$canedit )
   {
      $canedit = ( $can_edit_own && is_array($comment) && is_his_comment($cid, $comment, $uid) );
   }

   if( !$canedit )
   {
      $canedit = ( $can_addcomment && $cid == 0 ); // form for a new comment
   }

   // A record without an 'id' entry is refused even when rights are sufficient.
   if( !$canedit || !isset($comment['id']) ) die('error');

   die(html_edit_comment($current_user, $comment));
}

//------------------------------------------------------------------------------
//------------------------------------------------------------------------------


elseif( $_POST['what'] == 'deletecomment' && $_POST['cid'] > 0 && $_POST['bid'] > 0 )
{
   // Handler: delete one comment and answer with 'deleted<cid>' or 'ooops? <cid>'.
   // 'bid' must be positive to enter this branch but is not used afterwards.

   $cid = justdigs($_POST['cid']);

   // Deleting always needs delete_comments, combined with either edit_other
   // or (own comment + edit_own). Ownership is only looked up when the
   // edit_other combination did not already grant access.
   $candothis = ( $can_delete && $can_edit_other );

   if( !$candothis )
   {
      $is_owner  = is_his_comment($cid, false, $current_user['id']);
      $candothis = ( $is_owner && $can_delete && $can_edit_own );
   }

   // deletecomment() is only reached once the rights check has passed.
   if( !$candothis || !deletecomment($cid) ) die('ooops? '.$cid);

   die('deleted'.$cid);
}
























?>
